
Avast - Win32:Trojan-gen /


  • This topic is locked
13 replies to this topic

#1 JMF11

  • Members
  • 13 posts
  • OFFLINE
  • Local time: 10:12 PM

Posted 12 June 2014 - 04:17 PM

Hello,

I posted this message http://www.bleepingcomputer.com/forums/t/537519/am-i-infected-avast-win32trojan-gen/ and was advised to post here with complementary information.

I try to attach a screenshot of the Avast report.

Reports from the tools below are in the initial message:

- Security Check
- Farbar Service Scanner
- MiniToolBox
- Malwarebytes Anti-Malware
- Malwarebytes Anti-Rootkit
- Rkill


Report from ESET

C:\Users\JMF\Downloads\coretemp(1).exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\JMF\Downloads\coretemp.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined

Report from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by admin JMF at 23:06:26 on 2014-06-12
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.8054.5278 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\igfxEM.exe
C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
C:\Program Files (x86)\MSI\Live Update\Live Update.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Live Update] C:\Program Files (x86)\MSI\Live Update\StartLiveUpdate.exe /REMINDER
mRun: [Super Charger] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
mRun: [Command Center] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORM~1.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.254
TCP: Interfaces\{0A6CD756-352A-422D-B8C0-2C82CE292834} : DHCPNameServer = 192.168.0.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin JMF\AppData\Roaming\Mozilla\Firefox\Profiles\2smkw42w.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-21 208416]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-5-21 17600]
R0 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-5-21 20672]
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-21 20464]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-21 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-21 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-21 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-21 50344]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-6-5 296432]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2013-1-7 25448]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-8-1 198120]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-5-20 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-12 860472]
R2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2014-6-5 83952]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [2014-6-6 162800]
R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2014-5-20 30240]
R2 MSICTL_CC;MSICTL_CC;C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014-6-10 1990144]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-7 5024576]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2014-6-7 20832]
R2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2013-7-2 82800]
R2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2013-4-1 15888]
R3 AcpiCtlDrv;AcpiCtlDrv;C:\Windows\System32\drivers\AcpiCtlDrv.sys [2012-7-17 25880]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-5-21 171632]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-1-23 27608]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-8-1 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-8-1 21920]
R3 INETMON;INETMON;C:\Windows\System32\drivers\INETMON.sys [2014-5-21 29088]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-8-1 46568]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-21 368112]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-21 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-12 63704]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-6-7 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [2014-6-6 13368]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [2014-6-5 14136]
R3 NTIOLib_MSIClock_CC;NTIOLib_MSIClock_CC;C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSICOMM_CC;NTIOLib_MSICOMM_CC;C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSICPU_CC;NTIOLib_MSICPU_CC;C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSIFrequency_CC;NTIOLib_MSIFrequency_CC;C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSIRatio_CC;NTIOLib_MSIRatio_CC;C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [2014-6-10 13368]
R3 NTIOLib_MSISuperIO_CC;NTIOLib_MSISuperIO_CC;C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [2014-6-10 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-5 888536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RAMDriv;MSI RAMDrive;C:\Windows\System32\drivers\RAMDriv.sys [2014-6-6 81912]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 IntcDAud;Son Intel® pour écrans;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-20 449528]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MSIBIOSData_CC;MSIBIOSData_CC;C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2014-6-10 2100736]
S3 MSIClock_CC;MSIClock_CC;C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [2014-6-10 4023296]
S3 MSICOMM_CC;MSICOMM_CC;C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2014-6-10 2118144]
S3 MSICPU_CC;MSICPU_CC;C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [2014-6-10 4157440]
S3 MSIDDR_CC;MSIDDR_CC;C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2014-6-10 2250240]
S3 MSISMB_CC;MSISMB_CC;C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2014-6-10 2063360]
S3 MSISuperIO_CC;MSISuperIO_CC;C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2014-6-10 544256]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-22 1255736]
.
=============== Created Last 30 ================
.
2014-06-12 20:42:20 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-12 19:51:35 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-12 19:36:20 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-12 19:36:07 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-12 19:36:07 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-12 19:36:07 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-12 19:36:07 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-12 19:36:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 19:16:33 -------- d-sh--w- C:\Users\admin JMF\AppData\Local\EmieUserList
2014-06-12 19:16:33 -------- d-sh--w- C:\Users\admin JMF\AppData\Local\EmieSiteList
2014-06-11 18:20:52 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-11 18:20:52 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-11 18:20:52 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-11 18:20:52 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-11 18:20:52 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-06-11 18:20:04 -------- d-----w- C:\Users\admin JMF\AppData\Local\Apple
2014-06-11 15:43:22 89600 ----a-w- C:\Windows\SysWow64\RAMDriv.dll
2014-06-11 15:43:22 81912 ----a-w- C:\Windows\SysWow64\drivers\RAMDriv.sys
2014-06-11 15:43:22 343032 ----a-w- C:\Windows\SysWow64\RAMDiskImage.exe
2014-06-11 15:09:47 -------- d-----w- C:\Users\admin JMF\AppData\Roaming\X-Rite
2014-06-10 19:02:41 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-06-10 17:07:16 -------- d--h--w- C:\MSIServiceCfg_CC
2014-06-10 06:02:20 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8EBEC15B-802D-4D88-8941-4AFDBD08A7B0}\mpengine.dll
2014-06-09 19:35:19 -------- d-----w- C:\Program Files\CPUID
2014-06-09 10:04:00 -------- d-----w- C:\Program Files\Core Temp
2014-06-07 16:49:00 -------- d-----w- C:\Program Files (x86)\Armory
2014-06-07 16:48:39 -------- d-----w- C:\Program Files\Bitcoin
2014-06-07 16:17:14 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-06-07 16:01:18 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2014-06-07 16:00:41 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2014-06-07 15:56:53 -------- d-----w- C:\ProgramData\Caphyon
2014-06-07 15:56:52 -------- d-----w- C:\Program Files\Common Files\Flux
2014-06-07 15:56:51 -------- d-----w- C:\Program Files\Common Files\Avid
2014-06-07 15:56:50 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2014-06-07 15:56:49 -------- d-----w- C:\Program Files\Vstplugins
2014-06-07 15:56:48 -------- d-----w- C:\Program Files (x86)\Vstplugins
2014-06-07 15:56:48 -------- d-----w- C:\Program Files (x86)\Common Files\Flux
2014-06-07 15:39:21 20832 ----a-w- C:\Windows\System32\drivers\DDCDrv.sys
2014-06-07 15:39:21 166400 ----a-w- C:\Windows\System32\DDCHelper.dll
2014-06-07 15:39:21 143360 ----a-w- C:\Windows\SysWow64\DDCHelper.dll
2014-06-07 15:39:21 136192 ----a-w- C:\Windows\System32\DDCHelperX.dll
2014-06-07 15:39:21 114688 ----a-w- C:\Windows\SysWow64\DDCHelperX.dll
2014-06-07 15:39:21 10240 ----a-w- C:\Windows\SysWow64\drivers\DDCDrv.sys
2014-06-07 15:39:09 -------- d-----w- C:\ProgramData\X-Rite
2014-06-07 15:39:09 -------- d-----w- C:\Program Files (x86)\X-Rite
2014-06-07 15:32:51 -------- d-----w- C:\Program Files (x86)\CRRCSim
2014-06-07 15:08:15 -------- d-----w- C:\Program Files\GrampsAIO64
2014-06-07 14:58:42 -------- d-----w- C:\Program Files (x86)\OpenTX
2014-06-07 14:57:31 -------- d-----w- C:\Program Files (x86)\companion9x
2014-06-07 14:57:27 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-06-07 14:56:55 87600 ----a-w- C:\Windows\System32\cpwmon64.dll
2014-06-07 14:56:55 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-06-07 12:47:07 -------- d-----w- C:\Users\admin JMF\AppData\Roaming\TeamViewer
2014-06-07 12:47:02 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-06-07 12:44:04 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2014-06-07 12:43:20 -------- d-----w- C:\Program Files (x86)\foobar2000
2014-06-07 10:01:28 -------- d-----w- C:\Windows\System32\MRT
2014-06-07 10:00:31 -------- d-sh--w- C:\Users\admin JMF\IntelGraphicsProfiles
2014-06-07 08:08:25 -------- d-----w- C:\Users\admin JMF\AppData\Roaming\Dropbox
2014-06-07 07:48:57 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2014-06-07 07:48:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2014-06-07 07:48:57 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2014-06-07 07:48:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-06-07 07:48:57 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-06-07 07:48:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2014-06-07 07:48:57 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2014-06-07 07:48:56 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-06-07 07:48:56 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-06-06 21:46:25 -------- d-----w- C:\Program Files (x86)\SpeedFan
2014-06-06 18:30:08 89600 ----a-w- C:\Windows\System32\RAMDriv.dll
2014-06-06 18:30:08 81912 ----a-w- C:\Windows\System32\drivers\RAMDriv.sys
2014-06-06 18:26:00 -------- d--h--w- C:\SuperChargerProfile
2014-06-06 10:47:08 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-06-06 04:59:00 180 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-05 21:46:09 451 ----a-w- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-05 21:33:48 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-06-05 21:33:48 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-06-05 19:33:32 -------- d-----w- C:\Users\admin JMF\AppData\Roaming\uTorrent
2014-05-22 20:23:39 -------- d-----w- C:\Program Files (x86)\Setup Files
2014-05-22 19:35:01 -------- d-----w- C:\Users\admin JMF\AppData\Roaming\XMind
2014-05-22 19:34:38 -------- d-----w- C:\Program Files (x86)\XMind
2014-05-22 18:52:13 -------- d-----w- C:\Users\admin JMF\AppData\Local\Macromedia
2014-05-22 18:24:51 2871808 ----a-w- C:\Windows\explorer.exe
2014-05-22 18:24:51 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-05-22 18:24:50 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-22 18:24:50 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-22 18:24:21 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-05-22 18:24:21 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-05-22 18:24:20 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-05-22 18:24:20 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-05-22 18:22:02 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-05-22 18:22:02 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-05-22 18:22:02 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-05-22 18:22:02 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-05-22 18:22:02 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-05-22 18:22:02 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-05-22 18:22:02 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-05-22 18:22:02 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-05-22 18:22:02 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-05-22 18:22:00 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-05-22 18:22:00 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-22 18:21:58 67072 ----a-w- C:\Windows\splwow64.exe
2014-05-22 18:21:58 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-05-22 06:12:21 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2014-05-22 06:12:21 -------- d-----w- C:\Windows\System32\wbem\en-US
2014-05-22 06:12:20 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-22 06:12:18 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-22 06:12:18 -------- d-----w- C:\Windows\System32\Wat
2014-05-22 06:10:11 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-22 06:10:11 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-22 06:10:11 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-22 06:10:11 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-22 06:01:58 -------- d-----w- C:\Windows\Migration
2014-05-22 05:47:59 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-22 05:29:41 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-05-21 21:47:56 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-21 21:47:56 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-21 21:47:21 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-05-21 21:47:21 111448 ----a-w- C:\Windows\System32\consent.exe
2014-05-21 21:47:16 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

Edited by JMF11, 12 June 2014 - 04:19 PM.


#2 The Pugilist

  • Members
  • 826 posts

Posted 15 June 2014 - 07:50 PM

Hello JMF11,

 

My name is Dave and I'll be helping you with your concerns here.  Please give me some time to review all of the provided materials before we begin. 

 

In the mean time, please refrain from making any more changes to the computer so I might best help you resolve your issues.


//Dave

#3 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 16 June 2014 - 03:01 AM

Dear Pugilist,

 

Thanks for your support. I'm in France and can access my computer in the evening. I'll follow your instructions.

 

Kind regards,

 

JMF



#4 The Pugilist

  • Members
  • 826 posts

Posted 16 June 2014 - 10:08 AM

Jean-Marc,

 

I'm in France and can access my computer in the evening. I'll follow your instructions.

 

Understood.  Keep in mind too that if for whatever reason you cannot reply to this thread within 48 hours, you can PM me or check in here so I know to keep this thread open.

 

I see the items you are referring to and the items removed by the various tools that you have already run.  At this point however, I'd like some more information about the problem.

 

Is your computer showing signs of infection (or was it), and if so, what were you noticing?  Can you tell me anything about when these problems started?  Was there any specific event (e.g. something being downloaded/installed) that precipitated the problems you were having?


Edited by The Pugilist, 16 June 2014 - 10:08 AM.

//Dave

#5 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 16 June 2014 - 02:04 PM

Hello,

 

The PC is a fresh build. I did not notice any strange behaviour up to the point that I started a scan of the disk by my antivirus: Avast. To my surprise it found things on the disks, especially this Trojan-gen inside mini-KMS_activator.

 

For information, today, Malwarebytes Anti-Malware detected something similar: Trojan.AutoKMS (see attachment).

 

It may be related to the only risky operation I performed: installing an unofficial Microsoft Office version.

 

As I use this PC for all my personal work and to manage personal accounts, having a Trojan would be too risky. So I really need to make sure that the PC is not infected, or to clean it.

 

I would be happy to know if it is a real virus or a false positive. Hence I'm here...

 

Kind regards.

 

JMF

Edited by JMF11, 16 June 2014 - 02:12 PM.


#6 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 17 June 2014 - 12:12 AM

One thing that I forgot to say. The PC has two accounts: one normal and one admin. The PC goes to standby mode flawlessly on the normal account. But on the admin account, I see a blue screen for less than 1/2 second and the PC shuts down. When I restart the computer, I get the menu stating that the PC was not shut down correctly and proposing the different startup options.

 

I did not investigate this issue as I wanted to follow the instructions and not interfere with your analysis.

 

Kind regards,

 

JM



#7 The Pugilist

  • Members
  • 826 posts

Posted 17 June 2014 - 06:55 PM

Jean-Marc,

Let me see if I can address your two posts in order here. First, a bit about the suspected malware:

 

It may be related to the only risky operation I performed: installing an unofficial Microsoft Office version.

 

 

Yes, mini-KMS_activator is a keygen program for the version of office that you currently have installed.

 

While I'm not here to tell you that you're a bad person for pirating software, there are some things you should understand when doing so.

 

Pirated software (or associated things like keygens and cracks), are often modified by the people who distribute them. While sometimes this modification is benign, other times it may contain code to install backdoors or other pieces of malware on your system. While downloading pirated material is risky in many senses, pirating software is especially risky because it involves running software from an untrusted source on your computer (this should scare you).

 

Sometimes, anti-virus programs will flag things that they think are hacking tools (which often includes keygen programs). While this does not mean the program is inherently bad, it also should not lull you into thinking that it is harmless.

 

That all being said, your logs all look clean to me; you did have some Potentially Unwanted Programs that Malwarebytes removed for you, but the most recent log you posted at the beginning of this thread looks OK.

 

I recommend keeping an eye on the situation and taking action if the situation on your computer changes. Until then however, be very careful when pirating anything (especially software) because despite any legal ramifications associated with pirating, it is an easy way to really mess up your computer. :P

 


Next, regarding your blue screen errors, we will need to collect some additional information for me to help you. Please do the following:
 

  • Download BlueScreenView and save it to your Desktop.
  • Right click on BlueScreenView-x64.zip and select "Extract All..."
    • Uncheck "Show Extracted files when complete"
    • Click Extract at the bottom right-hand corner.
  • Press the Windows Logo in the bottom left corner of your screen.
    • In the search box, enter notepad and press Enter.
    • Highlight the contents of the following codebox, and copy and paste that text into notepad.
      @echo off
      rem Export every crash dump as a tab-separated table, newest crash first.
      rem The paths are quoted because the profile folder may contain a space.
      "%userprofile%\Desktop\BlueScreenView-x64\BlueScreenView.exe" /stabular "%userprofile%\Desktop\BSOD.txt" /sort "~Crash Time"
      rem Open the report, then delete this batch file.
      notepad.exe "%userprofile%\Desktop\BSOD.txt"
      del /f /q "%~f0"
      
    • Select File -> Save.
    • Press the Desktop button on the left side of the save dialog.
    • In the File name box, type in Fix.bat.
    • Press Save.
    • Close Notepad.
    • Right click Fix.bat on your desktop, and choose Run as administrator.
    • Press Yes if prompted by User Account Control.
  • After this process completes, please copy and paste (or attach) the contents of BSOD.txt in your next reply.

//Dave
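As an added example (not code from this thread, from BlueScreenView or from NirSoft), a small script that reads the BSOD.txt produced by the batch file above and counts bug checks and blamed drivers, which is the part of the report a helper actually reads. The tab-separated layout and the column names are assumptions about BlueScreenView's /stabular export; the sample rows and driver names are constructed.

```python
"""Summarise a BlueScreenView tabular export (the BSOD.txt the batch file writes)."""
from collections import Counter
import csv
import io

# Constructed sample, not a real report: the tab-separated table BlueScreenView
# writes with /stabular. The column names are an assumption taken from the
# tool's usual export layout; check them against the header of your own file.
SAMPLE_BSOD = "\n".join([
    "Dump File\tCrash Time\tBug Check String\tBug Check Code\tCaused By Driver\tCaused By Address",
    "061714-20123-01.dmp\t17/06/2014 22:41:05\tDRIVER_POWER_STATE_FAILURE\t0x0000009f\tntoskrnl.exe\tntoskrnl.exe+75bc0",
    "061614-19876-01.dmp\t16/06/2014 23:02:11\tDRIVER_POWER_STATE_FAILURE\t0x0000009f\tvendor_net.sys\tvendor_net.sys+1f2a0",
    "061514-18654-01.dmp\t15/06/2014 22:58:47\tDRIVER_POWER_STATE_FAILURE\t0x0000009f\tvendor_net.sys\tvendor_net.sys+1f2a0",
    "060914-17321-01.dmp\t09/06/2014 21:15:30\tKMODE_EXCEPTION_NOT_HANDLED\t0x0000001e\tvendor_gpu.sys\tvendor_gpu.sys+3b1c4",
])

# When the tool blames the kernel image itself, the stack usually just ended
# there and the driver that triggered the crash is elsewhere, so kernel images
# are set aside when picking the most suspicious driver.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "hal.dll"}


def parse_bsod(text):
    """Parse the tab-separated table into one dict per crash (header row = keys)."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def load_bsod(path):
    """Read BSOD.txt from disk; change the encoding if the tool saved it as UTF-16."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_bsod(fh.read())


def summarize(rows):
    """Count bug checks and blamed drivers, and name the top non-kernel driver."""
    bug_checks = Counter((r["Bug Check String"], r["Bug Check Code"]) for r in rows)
    drivers = Counter(r["Caused By Driver"] for r in rows)
    non_kernel = [(d, n) for d, n in drivers.most_common()
                  if d.lower() not in KERNEL_IMAGES]
    return {
        "crashes": len(rows),
        "bug_checks": bug_checks.most_common(),
        "drivers": drivers.most_common(),
        "top_non_kernel_driver": non_kernel[0][0] if non_kernel else None,
    }


def format_summary(summary):
    """Render the summary as the short text a helper would paste into a reply."""
    lines = [f"{summary['crashes']} crash dump(s) found"]
    for (name, code), n in summary["bug_checks"]:
        lines.append(f"  {n}x {name} ({code})")
    lines.append("Blamed drivers:")
    for driver, n in summary["drivers"]:
        lines.append(f"  {n}x {driver}")
    if summary["top_non_kernel_driver"]:
        lines.append(f"Most suspicious non-kernel driver: {summary['top_non_kernel_driver']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Replace SAMPLE_BSOD with load_bsod(r"C:\Users\<you>\Desktop\BSOD.txt") for a real file.
    print(format_summary(summarize(parse_bsod(SAMPLE_BSOD))))
```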

#8 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 18 June 2014 - 12:35 PM

Dear Dave,

 

Thanks a lot for the feed back. I now feel better.

 

Please find attached the BSOD report.

 

Kind regards,

 

JMF

Attached Files

  • Attached File  BSOD.txt   12.42KB   2 downloads


#9 The Pugilist

  • Members
  • 826 posts

Posted 19 June 2014 - 08:20 AM

Thanks a lot for the feed back. I now feel better.


You're welcome!

Before we go further with troubleshooting this issue, let me say one thing: having trouble with Suspend/Hibernate is not uncommon with Windows machines. In general, I typically recommend people not use it at all because, especially with a newer machine, it can be more of a liability than an asset.

I've looked through the BSOD report you sent back to me and, while I am not an expert in parsing this information, I have some general things that you might try to resolve this issue. I think you mentioned that you built this computer yourself, so I'd imagine you might be comfortable following some of these instructions, but if you have any questions along the way, you can certainly post back here and I'll assist you.

My general troubleshooting steps are as follows:

  • Make sure your device drivers are up to date. If you installed them from a CD, go to the manufacturer's website and download the newest versions directly.
  • Test the RAM on your PC using something like memtest86
  • Update your PC's BIOS. Note: I put this last because if you botch the update, it can make your motherboard unusable. So I usually only do this if I have to.

Again, if you are unsure of how to do any of these things, let me know and I'd be glad to help you through it.  Alternatively, you could also open a thread in the hardware section of the forum where there are people who are better at picking apart these problems than I.


//Dave

#10 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 19 June 2014 - 02:33 PM

Hello,

 

I have already tried most of the proposals: I think that all drivers are up to date. I updated the BIOS. I can run the PC for 24 hours without issue as long as I prevent it from going to sleep mode.

 

I think that I'll go to the hardware section of the forum.

 

Thanks again for your support about the potential trojan! I recovered my peace of mind thanks to you.

 

Kind regards,

 

JMF



#11 The Pugilist

  • Members
  • 826 posts

Posted 20 June 2014 - 08:13 AM

I have already tried most of the proposals: I think that all drivers are up to date. I updated the BIOS. I can run the PC for 24 hours without issue as long as I prevent it from going to sleep mode.


Yeah, I gave up ages ago with Windows and Sleep Mode after many similar issues.
 

Thanks again for your support about the potential trojan! I recovered my peace of mind thanks to you.


Any time, glad to be of help. :)


//Dave

#12 The Pugilist

  • Members
  • 826 posts

Posted 23 June 2014 - 12:01 PM

It seems as though the main issue here has been resolved. 

 

If you would like, we can delete BlueScreenView and the log file (BSOD.txt) that we generated, although if you are going to further diagnose your BSOD issue, you may choose to keep both items (as they might come in handy).  Any other tools you have run during this time (such as DDS, MiniToolBox, Farbar's Service Scanner, and Rkill) can also be deleted in the following manner.

 

To delete them, simply select the file (or folder), right click it, then select Delete.

 

In any event, good luck to you, and stay safe out there. :)


//Dave

#13 JMF11

  • Topic Starter
  • Members
  • 13 posts

Posted 23 June 2014 - 02:00 PM

Thanks, I'll start the cleaning and go back to the initial state.

 

Thanks for all that advice and for having solved this issue.

 

Kind regards.

 

JMF



#14 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Location:Munich,Germany

Posted 01 July 2014 - 01:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber




